See: https://servers.opennicproject.org/edit.php?srv=ns5.ru.dns.opennic.glue
Re: http://91.217.137.37/
Also abuse as reported" https://www.abuseipdb.com/check/91.217.137.37
4 engines to detect at VT: https://www.virustotal.com/gui/url/7dd4b4f64fcb5bf22f5b60b6b42c59aa987f1ed24cb7e7f62b3320d2e0aa934e/detection
Forcepoint ThreatSeeker compromised websites
sophos malware callhome, command and control
Read also: https://www.wwt.com/article/mitigate-anchor-dns
Not given as blacklisted here: https://www.ip-tracker.org/blacklist-check.php?ip=91.217.137.37
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)